312-50V13 · Question #454
An attacker decided to crack the passwords used by industrial control systems. In this process, he employed a loop strategy to recover these passwords. He used one character at a time to check whether
The correct answer is A. Side-channel attack. The attacker employed a side-channel attack by exploiting timing differences in the authentication process to deduce password characters one by one.
Question
Options
- ASide-channel attack
- BDenial-of-service attack
- CHMI-based attack
- DBuffer overflow attack
How the community answered
(40 responses)- A90% (36)
- B3% (1)
- C3% (1)
- D5% (2)
Why each option
The attacker employed a side-channel attack by exploiting timing differences in the authentication process to deduce password characters one by one.
A side-channel attack exploits information gained from the physical implementation of a system, such as timing differences in execution, to infer sensitive data. In this scenario, the attacker uses the time taken for authentication to deduce the correctness of individual password characters.
A denial-of-service attack aims to make a service unavailable, not to deduce passwords by observing system behavior.
An HMI-based attack targets the Human-Machine Interface for unauthorized control, not for password cracking via timing analysis.
A buffer overflow attack involves overwriting memory beyond allocated buffer space, which is unrelated to the described timing-based password cracking method.
Concept tested: Timing-based side-channel attacks
Source: https://www.microsoft.com/security/blog/2019/07/22/a-look-at-side-channel-attacks-and-their-mitigation/
Topics
Community Discussion
No community discussion yet for this question.